kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-to-dns
  namespace: app1
spec:
  policyTypes:
    - Egress
  podSelector: {}
  egress:
    - to:
      # Пример определения доступа к DNS через поды серверов DNS
#      - namespaceSelector:
#          matchLabels:
#            kubernetes.io/metadata.name: kube-system
#        podSelector:
#          matchLabels:
#            k8s-app: kube-dns
#      - namespaceSelector:
#          matchLabels:
#            kubernetes.io/metadata.name: kube-system
#        podSelector:
#          matchLabels:
#            k8s-app: nodelocaldns
      - ipBlock:
          cidr: 169.254.25.10/32
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP